954 matches found
Fedora: Security Advisory for golang-github-gohugoio-localescompressed (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
GSD-2022-1003983 phy: qcom-qmp: fix struct clk leak on probe errors
phy: qcom-qmp: fix struct clk leak on probe errors This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.283 by commit...
GSD-2022-1003864 phy: qcom-qmp: fix struct clk leak on probe errors
phy: qcom-qmp: fix struct clk leak on probe errors This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.247 by commit...
GSD-2022-1003732 phy: qcom-qmp: fix struct clk leak on probe errors
phy: qcom-qmp: fix struct clk leak on probe errors This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.198 by commit...
GSD-2022-1003223 dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type
dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.47 by commit...
GSD-2022-1003003 phy: qcom-qmp: fix struct clk leak on probe errors
phy: qcom-qmp: fix struct clk leak on probe errors This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.14 by commit...
GSD-2022-1002915 dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type
dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.15 by commit...
GSD-2022-1002565 dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type
dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.4 by commit...
Memory Safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`
Affected versions of this crate maintain references to memory that might have been freed already. It affects the following two tremor-script language constructs: A Merge where we assign the result back to the target expression and the expression to be merged needs to reference the event: let sta...
Arrow2 allows double free in `safe` code
The struct FfiArrowArray implements `#[derive(Clone)]`, which is inconsistent with its custom implementation of Drop, resulting in a double free when cloned. Cloning this struct in safe code results in a segmentation fault, which is unsound. This derive was removed from this struct. All users are advised to...
_transfer#Executor.sol not checking all enum values
Lines of code Vulnerability details Impact Transaction can revert or have unexpected behaviour PoC In transferexecutor.sol you are checking Itemtype values Itemtype.NATIVE, Itemtype.ERC20 and Itemtype.ERC721 after then the last else clause assumes that the Itemtype is an ERC1155. else @audit assum...
GSD-2022-1002383 ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
ALSA: pcm: Test for "silence" field in struct "pcm_format_data" This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.276 by commit...
GSD-2022-1001946 ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
ALSA: pcm: Test for "silence" field in struct "pcm_format_data" This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.112 by commit...
GSD-2022-1001852 drm/msm/dp: populate connector of struct dp_panel
drm/msm/dp: populate connector of struct dp_panel This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.33 by commit...
GSD-2022-1001540 drm/msm/dp: populate connector of struct dp_panel
drm/msm/dp: populate connector of struct dp_panel This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...
GSD-2022-1001347 RDMA/hfi1: Fix use-after-free bug for mm struct
RDMA/hfi1: Fix use-after-free bug for mm struct This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.20 by commit...
GSD-2022-1001225 drm/msm/dp: populate connector of struct dp_panel
drm/msm/dp: populate connector of struct dp_panel This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by commit...
Zkar - A Java Serialization Protocol Analysis Tool Implement In Go
ZKar is a Java serialization protocol analysis tool implemented in Go. This tool is still a work in progress, so there is no complete API document or contribution guide. ZKar provides: A Java serialization payloads parser and viewer in pure Go, no CGO or JDK is required From the Java serialization protocol ...
GSD-2022-1000708 blktrace: fix use after free for struct blk_trace
blktrace: fix use after free for struct blk_trace This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.13 by commit...
Exploit for Off-by-one Error in Sudo_Project Sudo
CVE-2021-3156 Sudo Baron Samedit This repository is CVE-202...